Site   Web

January 23, 2014

Yahoo Makes Move to Secure Search by Default

Photo by Giorgio Montersino via Compfight cc — Yahoo CEO Marissa Mayer at a public event.

All searches on are now done through a secure server as part of the firm’s efforts to launch encryption across all of its products.

The update means secure search is now the default option for Yahoo’s U.S. home page.

It appears that only Yahoo’s U.S. home page has been updated thus far. The home page for other countries is also to be updated at some point.

Yahoo announced in October https encryption with a 2048-bit key will be the default setting for all users logging into Yahoo’s e-mail service beginning Jan. 8.

The update was carried out quietly with no announcement from the search engine company.

Marketing Land was the first to notice the change, although the publication’s report, which did not name an exact date, could only say that the change had been recent.

Mayer, in a November blog post, said the same level of encryption — also known as Secure Sockets Layer (SSL) — would extend across all Yahoo products by the Jan. 8 date, so it is likely the change did occur around that time.

Mayer tweetAs part of the commitment, Mayer said Yahoo would:

  • Encrypt all information that moves between its data centers by the end of Q1 2014;
  • Offer users an option to encrypt all data flow to/from Yahoo by the end of Q1 2014;
  • Work closely with its international Mail partners to ensure that Yahoo co-branded Mail accounts are https-enabled.

Although Yahoo offered SSL encryption as an option to users since last January, those wanting to use it had to turn it on themselves to receive enhanced privacy.

Yahoo is definitely late to the SSL encryption party compared to its main competitors.

Google enabled HTTPS-only — a communications protocol for secure communication over a computer network — by default for all Gmail users three years ago.

Microsoft made SSL the default for it e-mail service in July of 2012 and Facebook set it as a default for U.S. users last February and globally last July.

While Yahoo’s secure search is similar to Google’s, Marketing Land’s report indicates Yahoo will no longer provide referral information to websites with non-secure servers, unlike Google. As a result, marketers could be led to believe there was a plunge in traffic from Yahoo.

Marketing Land explains it this way:

For example, if someone searched on Yahoo for “books” and clicked on a listing for Amazon, Amazon would be able to tell that it received a visitor from Yahoo and that the visitor searched for the word “books.”

With the change, this no longer happens. Yahoo is sending no referrer data at all from its secure server to unsecure sites (which are most sites out there). This means marketers who are getting traffic from Yahoo won’t know this at all. They’ll instead see a plunge in traffic coming from Yahoo and a rise in traffic from “direct” visitors.

Mayer, in last fall’s blog post, said one of the reason’s for the change was to avoid government spying.

“As you know, there have been a number of reports over the last six months about the U.S. government secretly accessing user data without the knowledge of tech companies, including Yahoo,” Mayer said in the post.

“I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency. Ever. There is nothing more important to us than protecting our users’ privacy.”

Concerns over government surveillance have reached an all-time high in the past four months as the media, with the help of whistleblower Edward Snowden, continues to shine a spotlight on the spying practices of the National Security Agency.


Jennifer Cowan is the Managing Editor for SiteProNews.